CVE-2026-33782

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S1 Junos OS versions 23.2 prior to 23.2R2 Junos OS versions 23.4 prior to 23.4R2

Description A memory leak in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series can be triggered by an adjacent, unauthenticated attacker, leading to a Denial-of-Service (DoS). This occurs in DHCPv6 over PPPoE or DHCPv6 over VLAN scenarios with Active lease query or Bulk lease query, where each subscriber logout leaks a small amount of memory. Exhaustion of available memory causes jdhcpd to crash and restart, resulting in service disruption. Memory usage can be monitored using the command show system processes extensive | match jdhcpd.

Recommendations Update to Junos OS version 22.4R3-S1 or later. Update to Junos OS version 23.2R2 or later. Update to Junos OS version 23.4R2 or later.